I'm not really looking to become an expert at running a web server or anything, but I pretty much play around with FreeBSD as a hobby. I've been using FreeBSD for the last three years and have some basic knowledge and can keep my system up and fix minor problems, etc. I've been wanting to learn more about jails lately and want to set up a web server to play around with and give myself something to do in my off time. Setting up the jail appears easy enough, but the one part of it that I don't fully understand is the networking and how the port forwarding to the jail works, etc. Is there anywhere that I can turn to look for this information to help me understand the networking concepts and, more importantly, how they work with jails? I've seen several write-ups that give some information on how to get the network side of things working properly, but I don't understand it fully. I see this

Code:

ifconfig_fxp0_alias0="inet 10.10.10.100/32"

but don't understand what the /32 is at the end of the IP. In some write-ups it shows a /24.

Code:

prefixlen len
(Inet6 only.) Specify that len bits are reserved for subdividing
networks into sub-networks. The len must be integer, and for
syntactical reason it must be between 0 to 128. It is almost
always 64 under the current IPv6 assignment rule. If the parameter
is omitted, 64 is used.
The prefix can also be specified using the slash notation after
the address. See the address option above for more information.

I guess that I don't quite understand what this is telling me.
If anyone is willing to put me in the right direction to help understand this and the basics of jails and setting them up, I would appreciate it.

/32 means that 32 bits of the IP address never change. And since an IPv4 address is only 32 bits, then that means it's a single IP address.

For example, on my internal network, I have it set up as 10.0.0.0/8, which means the only thing in the IP that ever stays the same is the first octet (the "10."). So I have over 16 million IPs available on my internal network.

As far as "port forwarding" to the jail, you'll have to do that at your switch/router level. Since the jail has its own IP address, you can forward all requests on port 80 from your router to the IP of the jail (assuming, of course, that the jail's IP sits on the same subnet as your router). If the rest of your "internal" network is, for example, 192.168.1.0/24, then this solution won't work (since 10.10.10.100/32 is not in the same subnet).

Hopefully I didn't confuse you further.

__________________
I just saved a bunch of money on my car insurance by fleeing the scene of the accident!
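The prefix-length arithmetic from the reply above, worked through in POSIX sh as an added example that is not part of the original thread. The helper function names are hypothetical; the addresses are the ones quoted in the posts.

```shell
#!/bin/sh
# Added example: what /32, /24 and /8 mean for the addresses in this thread.

# ip_to_int A.B.C.D -> the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                       # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> dotted-quad form of a 32-bit integer
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# prefix_to_mask LEN -> netmask (as an integer) with LEN leading one-bits
prefix_to_mask() {
    echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# host_count LEN -> how many addresses a /LEN prefix covers
host_count() {
    echo $(( 1 << (32 - $1) ))
}

# in_subnet ADDR NET/LEN -> exit status 0 if ADDR lies inside NET/LEN
in_subnet() {
    net=${2%/*}; len=${2#*/}
    mask=$(prefix_to_mask "$len")
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

for len in 32 24 8; do
    echo "/$len  netmask $(int_to_ip "$(prefix_to_mask "$len")")  addresses: $(host_count "$len")"
done

# Can a router on 192.168.1.0/24 reach the jail alias directly?
for alias_ip in 10.10.10.100 192.168.1.100; do
    if in_subnet "$alias_ip" 192.168.1.0/24; then
        echo "$alias_ip is inside 192.168.1.0/24: the router can forward port 80 to it"
    else
        echo "$alias_ip is outside 192.168.1.0/24: the router has no direct path to it"
    fi
done
```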

Absolutely not! You didn't confuse me further. This was good information. I guess this leads to another question though. Does my jail require its own network card? I guess I don't understand how you can run two IPs on a single network card unless the host system is sending the information to the jail.

Is the one for jails in general, and in the first paragraph there's a link to the ezjail one. I do recommend ezjail, it does what its name implies and makes it easier, though I think it's still quite necessary to have a reasonable understanding of jails first.

One more question about the networking side of things. Obviously I have a very limited knowledge of networking too, which I'm hoping to learn something about in this arena as well. My BSD box is set up for DHCP right now, but at the router, by MAC address, it's set up to hold a specific IP for this computer so that its IP never changes. Can I leave this set for DHCP but, when I set up the jail, just assign the alias as an address that is higher than what is normally used by my home network? Right now my BSD box is 192.168.1.10. If I assign the alias to 192.168.1.100, then there is no chance that any of my computers on my home network will try to acquire that address? Is this a dumb way to go about this?

scottro,
Actually, your guide is what I've been hoping to use to get the jails set up.

Ok... this has me a bit off. Is it a must to update source to use jails? I've installed FreeBSD 7.0-Release a bit back but not too long ago. It now looks like the newest source reflects REVISION="7.0" BRANCH="RELEASE-p3".

I am trying to decide whether I should update the entire system, or can I get away with removing the source and replacing it with what is on the CD? FreeBSD 7.0-RELEASE is what my machine is currently running. I am afraid of breaking my machine. I did try to run ezjail-admin update -i but it errors on me, I think because I have updated my /src directory but it doesn't match the version that I am currently running? I get as an error

Well, thanks for everyone's help. System is updated "first time I've done that", jail is created and working, although I would still like to understand it better. The networking side of it appears to be working fine, which is good. I definitely need to change the SSH port, I've noticed. The jail was up for one hour and already 4 attempts to log in. I started denyhosts in the jail but will change the SSH port soon. I originally set up an account inside of the jail for admin purposes but later deleted it, figuring that I could just admin it from the computer itself. I'm not sure what the best way to go about administrating the jail is yet.

Additionally, do some searching on the forums - there are brute force mitigation techniques using PF that may come in handy.

Quote:

Originally Posted by neurosis

I originally set up an account inside of the jail for admin purposes but later deleted it, figuring that I could just admin it from the computer itself. I'm not sure what the best way to go about administrating the jail is yet.

I got apache22 installed and up but still need to spend a little time on the config. When I installed Apache it didn't seem to put some things where expected, i.e. when I tried to connect to my computer to view the Apache page I rather got an error stating that I was not authorized to access root dir/ . That confused me a little. The data directory appeared to be missing completely, although everything else seemed to be there, which I thought was a bit strange.

(Found the answer to the question already. I searched all over the internet for write-ups and go figure... I found what I needed on Apache's web site.)

Well, thanks for everyone's help. System is updated "first time I've done that", jail is created and working, although I would still like to understand it better. The networking side of it appears to be working fine, which is good. I definitely need to change the SSH port, I've noticed. The jail was up for one hour and already 4 attempts to log in. I started denyhosts in the jail but will change the SSH port soon. I originally set up an account inside of the jail for admin purposes but later deleted it, figuring that I could just admin it from the computer itself. I'm not sure what the best way to go about administrating the jail is yet.

Hehe, this is funny. I get THOUSANDS of attempts per day on the machine I serve my sites from, but of course they don't get in. That's the key here.